Real-Time Network Intrusion Prevention System Using Incremental Feature Generation

Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.

Machine Learning Enabled Novel Real-Time IoT Targeted DoS/DDoS Cyber Attack Detection System

The increasing prevalence of Internet of Things(IoT)devices has introduced a new phase of connectivity in recent years and,concurrently,has opened the floodgates for growing cyber threats.Among the myriad of potential attacks,Denial of Service(DoS)attacks and Distributed Denial of Service(DDoS)attacks remain a dominant concern due to their capability to render services inoperable by overwhelming systems with an influx of traffic.As IoT devices often lack the inherent security measures found in more mature computing platforms,the need for robust DoS/DDoS detection systems tailored to IoT is paramount for the sustainable development of every domain that IoT serves.In this study,we investigate the effectiveness of three machine learning(ML)algorithms:extreme gradient boosting(XGB),multilayer perceptron(MLP)and random forest(RF),for the detection of IoTtargeted DoS/DDoS attacks and three feature engineering methods that have not been used in the existing stateof-the-art,and then employed the best performing algorithm to design a prototype of a novel real-time system towards detection of such DoS/DDoS attacks.The CICIoT2023 dataset was derived from the latest real-world IoT traffic,incorporates both benign and malicious network traffic patterns and after data preprocessing and feature engineering,the data was fed into our models for both training and validation,where findings suggest that while all threemodels exhibit commendable accuracy in detectingDoS/DDoS attacks,the use of particle swarmoptimization(PSO)for feature selection has made great improvements in the performance(accuracy,precsion recall and F1-score of 99.93%for XGB)of the ML models and their execution time(491.023 sceonds for XGB)compared to recursive feature elimination(RFE)and randomforest feature importance(RFI)methods.The proposed real-time system for DoS/DDoS attack detection entails the implementation of an platform capable of effectively processing and analyzing network traffic in real-time.This involvesemploying the best-performing ML algorithmfor detection and the integration of warning mechanisms.We believe this approach will significantly enhance the field of security research and continue to refine it based on future insights and developments.

Optimization of Stealthwatch Network Security System for the Detection and Mitigation of Distributed Denial of Service (DDoS) Attack: Application to Smart Grid System

The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.

Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine

With the rapid development of the Internet of Things(IoT),there are several challenges pertaining to security in IoT applications.Compared with the characteristics of the traditional Internet,the IoT has many problems,such as large assets,complex and diverse structures,and lack of computing resources.Traditional network intrusion detection systems cannot meet the security needs of IoT applications.In view of this situation,this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance.Usually,traditional intrusion detection algorithms require considerable time for training,and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes;therefore,it is necessary to study intrusion detection algorithms with low weights,short training time,and high detection accuracy for deployment and application on cloud nodes.An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats.This paper discusses the problems related to IoT intrusion prevention in cloud computing environments.Based on the analysis of cloud computing security threats,this study extensively explores IoT intrusion detection,cloud node monitoring,and intrusion response in cloud computing environments by using cloud computing,an improved extreme learning machine,and other methods.We use the Multi-Feature Extraction Extreme Learning Machine(MFE-ELM)algorithm for cloud computing,which adds a multi-feature extraction process to cloud servers,and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes.In our simulation experiments,a classical dataset for intrusion detection is selected as a test,and test steps such as data preprocessing,feature engineering,model training,and result analysis are performed.The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes.Furthermore,it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time,so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.

Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises

As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.

Efficient Autonomous Defense System Using Machine Learning on Edge Device

As a large amount of data needs to be processed and speed needs to be improved,edge computing with ultra-low latency and ultra-connectivity is emerging as a new paradigm.These changes can lead to new cyber risks,and should therefore be considered for a security threat model.To this end,we constructed an edge system to study security in two directions,hardware and software.First,on the hardware side,we want to autonomically defend against hardware attacks such as side channel attacks by configuring field programmable gate array(FPGA)which is suitable for edge computing and identifying communication status to control the communication method according to priority.In addition,on the software side,data collected on the server performs end-to-end encryption via symmetric encryption keys.Also,we modeled autonomous defense systems on the server by using machine learning which targets to incoming and outgoing logs.Server log utilizes existing intrusion detection datasets that should be used in real-world environments.Server log was used to detect intrusion early by modeling an intrusion prevention system to identify behaviors that violate security policy,and to utilize the existing intrusion detection data set that should be used in a real environment.Through this,we designed an efficient autonomous defense system that can provide a stable system by detecting abnormal signals from the device and converting them to an effective method to control edge computing,and to detect and control abnormal intrusions on the server side.

Behavioral Intrusion Prediction Model on Bayesian Network over Healthcare Infrastructure

Due to polymorphic nature of malware attack,a signature-based analysis is no longer sufficient to solve polymorphic and stealth nature ofmalware attacks.On the other hand,state-of-the-art methods like deep learning require labelled dataset as a target to train a supervised model.This is unlikely to be the case in production network as the dataset is unstructured and has no label.Hence an unsupervised learning is recommended.Behavioral study is one of the techniques to elicit traffic pattern.However,studies have shown that existing behavioral intrusion detection model had a few issues which had been parameterized into its common characteristics,namely lack of prior information(p(θ)),and reduced parameters(θ).Therefore,this study aims to utilize the previously built Feature Selection Model subsequently to design a Predictive Analytics Model based on Bayesian Network used to improve the analysis prediction.Feature Selection Model is used to learn significant label as a target and Bayesian Network is a sophisticated probabilistic approach to predict intrusion.Finally,the results are extended to evaluate detection,accuracy and false alarm rate of the model against the subject matter expert model,Support Vector Machine(SVM),k nearest neighbor(k-NN)using simulated and ground-truth dataset.The ground-truth dataset from the production traffic of one of the largest healthcare provider in Malaysia is used to promote realism on the real use case scenario.Results have shown that the proposed model consistently outperformed other models.

Preventing Cloud Network from Spamming Attacks Using Cloudflare and KNN

Cloud computing is one of the most attractive and cost-saving models,which provides online services to end-users.Cloud computing allows the user to access data directly from any node.But nowadays,cloud security is one of the biggest issues that arise.Different types of malware are wreaking havoc on the clouds.Attacks on the cloud server are happening from both internal and external sides.This paper has developed a tool to prevent the cloud server from spamming attacks.When an attacker attempts to use different spamming techniques on a cloud server,the attacker will be intercepted through two effective techniques:Cloudflare and K-nearest neighbors(KNN)classification.Cloudflare will block those IP addresses that the attacker will use and prevent spamming attacks.However,the KNN classifiers will determine which area the spammer belongs to.At the end of the article,various prevention techniques for securing cloud servers will be discussed,a comparison will be made with different papers,a conclusion will be drawn based on different results.

Research on Cyberspace Attack and Defense Confrontation Technology

This paper analyzes the characteristics of Interact space and confrontation, discussed on the main technology of network space attack and defense confrontation. The paper presents the realization scheme of network space attack defense confrontation system, and analyzes its feasibility. The technology and the system can provide technical support for the system in the network space of our country development, and safeguard security of network space in China, promote the development of the network space security industry of China, it plays an important role and significance to speed up China＇ s independent controllable security products development.

Detecting Man-in-the-Middle Attack in Fog Computing for Social Media

Fog computing(FC)is a networking paradigm where wireless devices known as fog nodes are placed at the edge of the network(close to the Internet of Things(IoT)devices).Fog nodes provide services in lieu of the cloud.Thus,improving the performance of the network and making it attractive to social media-based systems.Security issues are one of the most challenges encountered in FC.In this paper,we propose an anomalybased Intrusion Detection and Prevention System(IDPS)against Man-in-theMiddle(MITM)attack in the fog layer.The system uses special nodes known as Intrusion Detection System(IDS)nodes to detect intrusion in the network.They periodically monitor the behavior of the fog nodes in the network.Any deviation from normal network activity is categorized as malicious,and the suspected node is isolated.ExponentiallyWeighted Moving Average(EWMA)is added to the system to smooth out the noise that is typically found in social media communications.Our results(with 95%confidence)show that the accuracy of the proposed system increases from 80%to 95%after EWMA is added.Also,with EWMA,the proposed system can detect the intrusion from 0.25–0.5 s seconds faster than that without EWMA.However,it affects the latency of services provided by the fog nodes by at least 0.75–1.3 s.Finally,EWMA has not increased the energy overhead of the system,due to its lightweight.

A parameterized multilevel pattern matching architecture on FPGAs for network intrusion detection and prevention

Pattern matching is one of the most performance-critical components for the content inspection based applications of network security, such as network intrusion detection and prevention.To keep up with the increasing speed network, this component needs to be accelerated by well designed custom coprocessor.This paper presents a parameterized multilevel pattern matching architecture （MPM） which is used on FPGAs.To achieve less chip area, the architecture is designed based on the idea of selected character decoding （SCD） and multilevel method which are analyzed in detail.This paper also proposes an MPM generator that can generate RTL-level codes of MPM by giving a pattern set and predefined parameters.With the generator, the efficient MPM architecture can be generated and embedded to a total hardware solution.The third contribution is a mathematical model and formula to estimate the chip area for each MPM before it is generated, which is useful for choosing the proper type of FPGAs.One example MPM architecture is implemented by giving 1785 patterns of Snort on Xilinx Virtex 2 Pro FPGA.The results show that this MPM can achieve 4.3 Gbps throughput with 5 stages of pipelines and 0.22 slices per character, about one half chip area of the most area-efficient architecture in literature.Other results are given to show that MPM is also efficient for general random pattern sets.The performance of MPM can be scalable near linearly, potential for more than 100 Gbps throughput.